1679902211_maxresdefault.jpg

Amazing Products TV My Channel Was Deleted Last Night

Awesome Tips My Channel Was Deleted Last Night



Thanks to dbrand for sponsoring this video! Use code FIVEFOOTONE at  for 15% off everything site wide.

Discuss on the forum:

Shoutout to ThioJoe: @ThioJoe
Shoutout to Gamers Nexus: @GamersNexus

THANK YOU ALL FOR YOUR SUPPORT!

► GET EXCLUSIVE CONTENT ON FLOATPLANE:
► GET LTTSTORE MERCH:
► GET LTX 2023 TICKETS:
► SPONSORS, AFFILIATES, AND PARTNERS:
► OUR WAN PODCAST GEAR:

FOLLOW US
—————————————————
Twitter:
Facebook:
Instagram:
TikTok:
Twitch:

MUSIC CREDIT
—————————————————
Intro: Laszlo – Supernova
Video Link:
iTunes Download Link:
Artist Link:

Outro: Approaching Nirvana – Sugar High
Video Link:
Listen on Spotify:
Artist Link:

Intro animation by MBarek Abdelwassaa
Monitor And Keyboard by vadimmihalkevich / CC BY 4.0
Mechanical RGB Keyboard by BigBrotherECE / CC BY 4.0
Mouse Gamer free Model By Oscar Creativo / CC BY 4.0

CHAPTERS
—————————————————
0:00 Intro

Deals for Days. Big home savings are happening now.


Belkin Store – Exclusive Product Offers

Previous Post
1679905686_maxresdefault.jpg
Amazing Products TV

Amazing Products TV Adding 'X-Ray Vision' to Microsoft's HoloLens

Next Post
1679825196_maxresdefault.jpg
Amazing Products TV

Amazing Products Top 10 Must Have EDC Essentials to Make Daily Life Easier

Comments

  1. Thank you ALL for your constant support! And thanks to dbrand for sponsoring this video. Use code FIVEFOOTONE at http://shortlinus.com for 15% off everything site wide.

    ► GET EXCLUSIVE CONTENT ON FLOATPLANE: https://lmg.gg/lttfloatplane

    ► GET LTTSTORE MERCH: https://lttstore.com

    ► GET LTX 2023 TICKETS: https://lmg.gg/ltx23

    ► SPONSORS, AFFILIATES, AND PARTNERS: https://lmg.gg/partners

    ► OUR WAN PODCAST GEAR: https://lmg.gg/wanset

  2. OWNE! i like that number 😀

  3. It is beyond me why YT hasn't made an algorithm yet that detects these hacks and invalidates all sessions for the acount in question….

  4. 14:43 OWNE ≠ 1 Linus.. 🤭

  5. Y ikes

  6. 14:4114:49 "Using code "five foot one", that's one word, all one word, "F-I-V-E… F-O-O-T… O-W-N-E"🤨😂

  7. 10:47 even Steam marketplace already does this with selling items lol

  8. Welcome back! ✌🏻

  9. How can we be safe so that we dont get hacked ??

  10. Ah classic session token. One of the first things we check in these circumstances at work. Reject and signout all sessions! 😅

  11. Linus, unzipping, double-checking extensions, and noticing an expected outcome didn't work is not "the latest in cyber attacks" This has been happening since 2000.

  12. Well same happened with me, i lost 45 dollars this way, 45 dollars may not be anything for you but for me it was everything 🙁

  13. @14:47 its one not owne

  14. Just ditch Winbugs an security will be improved

  15. Surely there needs to be an automatic response from Google that stops large channels from being changed, streaming, and deleting all the videos.
    Like.. why is that even allowed

  16. f-i-v-e-f-o-o-t-o-w-n-e

  17. I am glad that you are back. One of my friends is a huge fan of you.
    A similar attack to this happened to The Bread Pirate (a Zelda Breath of the Wild YouTuber), I definitely recommend watching his video on it.

  18. Google Security is so odd! High security in low-priority things and Low-security in these type of high value things.

    Example-
    My brother-in-law, single Android Mobile user with no PC, bought a new android mobile with exchange offer for discount.
    When he tried to setup and login in the new mobile with known username and password, Google was asking for old mobile for verification!

  19. Why aren't session tokens simply encrypted with a MAC Address mingled in? Seems like an easy fix to not allow one to run on another PC at all. If the encryption process uses Time of Day as a randomizer element during the encryption, a hacker would have zero chance of even reverse engineering the encryption before it should expire, right?

  20. I hope that was his wife in the video trying to help him?

  21. Would this has happened if the Editor was using Linux?

  22. Pls use Mac or Linux for your Relationship Team Members whos work is only handling emails and pdf etc.
    This will block any script/exe execution.

  23. Those hackers are happy that they give some big youtubers a big lesson and to challenge also how the security of youtube,google and other apps and services can breach easily holy sht, but the sad part is Google is "aware" that those attacks are still on going and they can't find a solution to stop those attacks.

  24. Is it just me or did linus just spelled ONE as O-W-N-E?

  25. Even tech leaders can be hacked. How are normal people supposed to know what file can be opened or not?

  26. Close one

  27. Glad you guys are back and we should maybe Deal with these problems a bit more because of these frequent attacks. Maybe like finding out who is behind this or shutting them down complete but I guess that would be a bit extreme. Plus i know its your home but why are you like completely Nude 😂

  28. imagine not running mission-critical / high security required systems on linux LOOOOOOOOL

  29. 14:47 "O W N E" think they hacked your spelling skills as well

  30. Dont you guy have a backup database?

  31. 'debrand' lol

  32. SMS 2FA has been long known to be problematic since if an attacker knows your phone number they can hijack it to receive your SMSs. Using an authenticator app does not have this vulnerability.

    Authy is a bit problematic since you can access it from multiple devices, which defeats the security in a way. Keeping your authenticator app on one device, and making sure that device is a locked down one such as a smartphone, helps protect your 2FA.

    Session tokens don't just keep you logged in when you close your browser, they keep you logged in period. Back in the day when HTTPS was only used for login forms and HTTP was used for normal site content, a session token was essential for ensuring your browser did not need to send your password over HTTP with every request. Now, it's the gold standard for how to handle sessions, even though HTTPS is recommended for use for all site traffic now.

    Google does track what IPs you visit their sites from on this page: https://myaccount.google.com/device-activity

    It's not clear to me why they don't limit sessions to at least an IP block or a resolved location if not a single IP. Maybe too many false positives for detecting location changes. Or for users who hop on/off of a VPN Google would rather not require them to log in all the time.

    Another thing YouTube could do (I don't recall seeing any such feature, I don't operate a big channel though) is provide the channel owner with a log showing changes they and other users they've granted access to the channel have done with the channel recently. This would allow for easy identification of a compromised account like LTT experienced, and he could shut off access quickly. Focus can then be moved to cleanup of the channel and having the user reclaim and secure their account.

    It sounds like this feature exists for their internal teams, so it should be possible to expose a similar feature for channel owners.

    Restricting access would help a lot too but as you noted, in practice most users find this bothersome and don't bother to set up such features properly. From what I've seen YouTube tries to strike a balance, offering a small selection of roles which you can easily select for a user account. They could offer more granular controls but again there is the risk it would be too intimidating for most users who may abandon the idea of securing access entirely.

    You mention running into glitches and bugs trying to resecure the channel. It's possible some or all of these were intentionally caused by the hacker trying to slow you down. Of course YouTube can always improve the stability of their tools, but often times you can make a tool 99.999% secure and the other 0.001% happens rarely enough to not worth the time to fix… until a malicious hacker figures out how to trigger it 100% of the time. That said this is just speculation on my part and it could just entirely be normal functionality of the tool to have those issues.

    Currently Google requires you to relogin if you want to change your password, and many sites do the same for changing your email address. This makes sense as it can be a point of no return for control of your account if it is a malicious individual making the change. Changing a channel name and icon doesn't seem to me to fit in that same category. Furthermore it wouldn't have stopped the scammer from running his livestream. Heck, the channel name/icon change was probably done automatically by a tool… if it had been done manually, a scammer may have wanted to KEEP your branding. So I don't think it would necessarily help anything to lock those things behind a password. Anything that could lock the owner out of the channel, of course, should be behind a password.

    Hindsight is 20/20 when it comes to ideas like limiting actions which are more likely to be done by a malicious user, like bulk deleting videos. Honestly that is probably not going to help too much since an attacker can simply craft a tool to bulk delete videos while they look like individual video deletions to bypass any such limit. Given the scale of YouTube and the number of users and amount of content, it's not clear if Google could try to cat-and-mouse this to detect such things or not. Either way, it sounds like they can undo deletions and changes, which is probably their official stance on how to handle these types of breaches. Doesn't matter if the videos were deleted when it can be undone very easily by Google.

    Banks and other similar sites invalidate sessions very aggressively. I actively look for ways around it sometimes because it's so annoying since it feels like it gets in the way. It's important not to put security measures in place which encourage users to try and subvert them! That said Google could probably do more with requiring login if your IP changes to something unusual.

    There's possible applications using AI to determine if a user's actions fit with their existing pattern of actions or not. From things like low level mouse/keyboard patterns to high level actions taken, to what IP and browser fingerprint they're connecting from.

  33. although this is an awful thing to have happen to linus, the awareness this brings is worth it.

  34. Wow Linus you have some huge strawberries! Nice

  35. Plot twist: Linus only wears clothes at work

  36. LOL so it was good old MoneyOffer.pdf.exe

  37. Minecast or Proofpoint too expensive for LMG?

  38. Session tokens are supposed to have a built in expiry.

  39. Linus is not taking any Hindu people for job this is why this happened to him.. his wife is Chinese so may be that's why we are not being hired.

    A Hindu employee could help Linus with such malware issue.

  40. This is how they steal roblox accounts and items. They ask for your avatar outfit to get it started.

  41. That is actually a really impressive and complicated situation. Apparently you mitigated most of the problem, hence your video. BUT man oh man.
    I bet everyone was in overdrive panic mode. And "not Colten" or whoever it was. As punishment…they should do a company wide presentation…on security and how to keep a eye peeled for stuff like this.

    No actual punishment, just a learning experience for everyone!

    Good video tho. Thanks.

  42. FIVEFOOTOWNE

  43. I was sad to hear that you got hacked, but then I remembered "who" you are, and what you do. You'll bounce back 10x from this. <3

  44. anyone else catch when he spelled “one” “O W N E”

  45. DBRAND are troopers. Always giving me a smile with these silly little sponsor times.

  46. he got tech tip'd

  47. 👍

Leave a Reply